Cyber criminals are attacking online stores using private Telegram channels to steal credit card information from customers while they are making a purchase on the victim site. The find is the first public documentation of this trick that makes data extraction more efficient and the entire card skimming operation easier to manage.
The new method was discovered by Affable Kraut (@AffableKraut) using data from Sansec, a company specializing in fighting digital skimming.
The researcher analyzed the malicious JavaScript, which includes common anti-analysis protections.
The script works by collecting data from any type of input field and sending it to a Telegram channel.
All the information is encrypted using a public key. A Telegram bot then posts the stolen data in a chat as a message. Protecting against this skimmer variant is not easy. Blocking Telegram connections is a temporary solution because attackers could pick a different legitimate service that would hide the exfiltration.
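
Because a Telegram-only block is temporary, a check that treats every non-approved destination on the checkout page as suspect holds up better. The following is an added example, not code from the report or from Sansec: it audits outbound requests recorded on a checkout page against an allowlist, and generalizes beyond Telegram to any unexpected host. All hostnames, the token placeholder and the function name are constructed assumptions.

```javascript
// Added example: allowlist audit of outbound requests seen on a checkout page.
// Every hostname here except api.telegram.org is constructed sample data.
const ALLOWED_HOSTS = new Set([
  "shop.example",      // hypothetical store origin
  "payments.example",  // hypothetical payment provider
]);

// Legitimate services that should never receive checkout traffic.
// api.telegram.org is the host of the Telegram Bot API.
const KNOWN_RELAY_HOSTS = new Set(["api.telegram.org"]);

// Returns one finding per request whose destination is not allowlisted.
function auditCheckoutRequests(requests, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const req of requests) {
    let host;
    try {
      host = new URL(req.url).hostname.toLowerCase();
    } catch {
      // A destination we cannot parse is reported, not silently skipped.
      findings.push({ url: req.url, reason: "unparseable-url" });
      continue;
    }
    if (allowed.has(host)) continue;
    findings.push({
      url: req.url,
      host,
      // The label is only a triage hint; the allowlist miss is the signal.
      reason: KNOWN_RELAY_HOSTS.has(host) ? "known-relay-service" : "not-allowlisted",
    });
  }
  return findings;
}

// Constructed sample: requests recorded while loading and submitting /checkout.
const sampleRequests = [
  { method: "GET", url: "https://shop.example/static/checkout.js" },
  { method: "POST", url: "https://payments.example/v1/charge" },
  { method: "POST", url: "https://api.telegram.org/botPLACEHOLDER_TOKEN/sendMessage" },
  { method: "POST", url: "https://files.other-service.example/upload" },
];

for (const f of auditCheckoutRequests(sampleRequests)) {
  console.log(`${f.reason}: ${f.host ?? f.url}`);
}
```

The last sample request shows why the allowlist matters: a different legitimate service is flagged even though it appears on no blocklist.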